Cyber Security Leaders Rally to Combat Advanced Persistent Threats
FOR IMMEDIATE RELEASE
Cyber Security Leaders Rally to Combat Advanced Persistent Threats
Findings Released from Summit of Public and Private Sector Leaders
Address Cyber Crisis Threatening Security of Nations and Economies
Worldwide
News Summary:
* RSA and TechAmerica release findings from top cyber security
leadership in government, defense industrial base, financial services,
critical infrastructure and technology from Washington, D.C. Summit on
Advanced Persistent Threats (APTs).
* Recommendations urge chief executives in every industry sector not to
delay devoting attention and funding to combat advanced threats and to
“plan and act as though you’ve already been breached.”
* Lawmakers urged to remove legal barriers that impede information
sharing among global security ecosystem.
* Real-time intelligence sharing, early detection, end-user security
training and testing and incident response named key elements to better
defend against advanced threats and recover from inevitable
cyber-attacks.
* RSA commits to bring further education and dialogue with cyber
security, business and government leaders worldwide through series of
regional Advanced Threat Summits beginning Oct. 10, 2011,
BEDFORD, MA. – Sept. 13, 2011 – RSA, The Security Division of EMC
(NYSE: EMC) and TechAmerica today released key findings derived from a
forum of more than 100 of the world's top cyber security leaders from
government and business who met in Washington, DC to address the impact
of Advanced Persistent Threats (APTs) as well as strategies for defense
and mitigation. Participants at the APT Summit shared threat
intelligence, defensive strategies and best practices for protecting
against the most menacing security threats targeting highly sensitive
information and intellectual property of governments and businesses.
“The frequency and volume of attacks has reached pandemic levels –
this is not a passing fad or anomaly,” said Eddie Schwartz, Chief
Security Officer of RSA, The Security Division of EMC. “The new fact
of life is a ‘state’ of persistent, dynamic, intelligent threat and
disruption, the economic and societal ramifications of which are
overwhelming. This doesn’t mean that we as a collective of security
professionals are powerless against our adversaries – we can and
should be able to manage our risk to an acceptable level and change the
ongoing and grim trends. Only through collaboration can we unite our
strategies to combat these advanced threats as we move forward together
in our pursuit of a trusted digital world.”
Distinguished attendees and speakers at the APT Summit included CISOs,
CIOs, technology Fellows and senior officials from leading think tanks,
industry associations, government, defense and law enforcement.
Attendees also represented numerous commercial industries including:
aerospace and defense, critical infrastructure, legal, finance, energy,
technology and manufacturing.
“We hear thatour nation’s defense secrets, financial security, and
critical infrastructure face significant risk by attackers far away and
hidden in obscurity behind the complex web of the internet. The cyber
security leaders gathered at the RSA-TechAmerica APT Summit understand
the gravity of these threats and have expressed their commitment to
working together to strengthen our defenses against those who are hard
at work trying to exploit any weakness they can find,” said Bill Boni,
Vice President and Corporate Information Security Officer of T-Mobile
USA who attended the APT Summit. “The findings from this event and the
promise to do more of these around the world should help open dialogue
and inspire innovation amongst cyber security leaders and professionals
across many sectors who refuse to be conquered by these threats.”
Summit attendees participated in multiple interactive sessions, which
yielded numerous ideas and perspectives that were collected and
synthesize
d into a 3-page key findings summary brief available today.
Some highlights of that document include:
* Organizations must learn to live in a state of compromise and should
plan and act as though they have already been breached, focusing on
closing the exposure window and limiting damage.
* Situational awareness is essential to detecting threats early and can
help improve security and attack response. Organizations can benefit
from advanced monitoring techniques and technologies, learning from
attacks against other companies and industries and sharing timely threat
intelligence.
* Attack vector has shifted from technology to people. Anyone can be
phished given the right context and the attackers have growing access
about would-be targets through social networking sites. While user
training alone cannot entirely neutralize the threat, training and
testing coupled with user restrictions and visibility can give
organizations a fighting chance.
* Attack customization defies traditional signature-based approaches to
work against a target’s specific weaknesses. Attackers are
increasingly agile and can take advantage of vulnerabilities more
quickly than signature-based approaches can remediate.
* Attackers are better at real-time intelligence sharing than targets
and fixing this should be a top priority. Attackers operate unimpeded by
legal restrictions and other rules that govern corporations and
government organizations. While not a panacea, information sharing of
real-time threat intelligence and attack information is of paramount
interest to give situational awareness used in helping defend critical
infrastructures and mitigate the effects of wide-scale cyber-attacks on
economic prosperity.
* Simplicity is the path to better security, and can be an effective
countermeasure to the many unmanageable and complicated IT
infrastructures in operation today. Given that security is a weakest
link problem, only through understanding assets, processes and endpoints
is there a chance at real defense.
An in-depth whitepaper on these findings will be published in October.
Regional summits announced
RSA also announced a series of regional Advanced Threat Summits this
fall to assemble senior security leaders and visionaries around the
world. The Summits are designed to surface the best strategies,
innovation and public policies that can help bring a collective benefit
to the cyber security ecosystem. The first regional Advanced Threat
Summit presented by RSA will take place Oct. 10 in London just prior to
the 2011 RSA Conference Europe.
“Through this series of regional summits, we are taking this
conversation to the front lines of American business and to
organizations worldwide that are dealing with or trying to protect
themselves against these threats. We intend to bring together leading
cyber security experts and senior-level practitioners who are passionate
about these issues – not just to re-imagine models for defense,
information exchange and industry alliance, but to make true progress
towards their implementation,” said Phil Bond, TechAmerica President
and CEO. “As a group we must not only raise awareness, we must also
lead.”
The Advanced Persistent Threats Summit summary findings can be found
at: www.rsa.com/summitresults. A schedule of upcoming regional Advanced
Threat Summits will be available soon.
About TechAmerica
TechAmerica is the leading voice for the U.S. technology industry –
the driving force behind productivity growth and jobs creation in the
United States and the foundation of the global innovation economy.
Representing approximately 1,000 member companies of all sizes from the
public and commercial sectors of the economy, it is the industry’s
largest advocacy organization and is dedicated to helping members’ top
and bottom lines. TechAmerica is also the technology industry’s only
grassroots-to-global advocacy network, with offices in state capitals
around the United States, Washington, D.C., Europe (Brussels)
and Asia
(Beijing).It was formed by the merger of AeA (formerly the American
Electronics Association), the Cyber Security Industry Alliance (CSIA),
the Information Technology Association of America (ITAA) and the
Government Electronics & Information Technology Association (GEIA).Learn
more about TechAmerica at www.techamerica.org.
About RSA
RSA, The Security Division of EMC, is the premier provider of security,
risk and compliance management solutions for business acceleration. RSA
helps the world's leading organizations succeed by solving their most
complex and sensitive security challenges. These challenges include
managing organizational risk, safeguarding mobile access and
collaboration, proving compliance, and securing virtual and cloud
environments.
Combining business-critical controls in identity assurance, encryption
& key management
(http://www.rsasecurity.com/glossary/default.asp?id=1111), SIEM, Data
Loss Prevention and Fraud Protection with industry leading eGRC
capabilities and robust consulting services, RSA brings visibility and
trust to millions of user identities, the transactions that they perform
and the data that is generated. For more information, please visit
www.RSA.com and www.EMC.com.
About EMC
EMC Corporation is a global leader in enabling businesses and service
providers to transform their operations and deliver IT as a service.
Fundamental to this transformation is cloud computing. Through
innovative products and services, EMC accelerates the journey to cloud
computing, helping IT departments to store, manage, protect and analyze
their most valuable asset – information – in a more agile, trusted
and cost-efficient way. Additional information about EMC can be found at
www.EMC.com.
EMC Canada (www.EMC2.ca), headquartered in Toronto with nine offices
from coast to coast, is a wholly owned subsidiary of EMC Corporation.
- 30 -
For more information contact:
Mike Martin/Michelle Chang
StrategicAmpersand
416-961-5595
mike@stratamp.com
michelle@stratamp.com
EMC and RSA are registered trademarks of EMC Corporation in the United
States and other countries. All other products and/or services are
trademarks of their respective owners.